- Fraudsters abuse PayPal’s subscription feature to inject phishing messages into legitimate PayPal emails.
- A manipulated customer service URL and a Google Workspace forwarding list widely spread the fake notifications.
- PayPal says it’s mitigating the issue and urges users to treat unexpected subscription emails with caution.
Fraudsters use PayPal’s “Subscriptions” feature to send convincing phishing emails and trick users into giving access to their accounts on the platform.
Subscriptions are a feature that allows businesses to automatically bill their customers on a regular schedule. Customers sign up once and accept recurring payments, which PayPal then processes automatically.
If the company terminates a person’s subscription, that person is notified by an email sent directly from PayPal’s servers, which, as such, passes most email security scans.
Abuse of mailing lists
So how do scammers abuse this feature?
As BleepingComputer explains, the email includes a customer service URL that the scammers somehow managed to modify to include the phishing message. How they accomplished this is unclear at this time; it’s speculated that they are either abusing a loophole in how PayPal handles subscription metadata or using an existing API or platform.
The message contains phishing content that we’re used to seeing in these scams: warning recipients that they have purchased an expensive item and that if they want to cancel the order, they should call PayPal at the phone number provided in the message.
However, this still doesn’t answer the question of how victims received this message, if they never subscribed to a particular company.
Apparently the original email is sent to only one address, “[email protected]”. Researchers believe this is a Google Workspace mailing list that automatically forwards the email to everyone else in the group, who in this case are the victims.
“This forwarding may cause all subsequent SPF and DMARC checks to fail, since the email was forwarded by a server that was not the original sender,” the post notes.
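A defender-side triage check for the pattern described above, written here as an added example that is not part of the original article and not tooling from PayPal or BleepingComputer. It parses two constructed messages (placeholder group address, mailbox, relay host and a 555 phone number) with Python’s standard `email` library and flags a subscription notice that carries a phone number when the receiving mailbox was never a visible recipient (the list-forwarding signature) or when the receiving server’s own DMARC verdict was not “pass”:

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample 1: a genuine-looking subscription notice that reached the
# mailbox only because a Google Workspace group forwarded it. The group
# address, the victim mailbox, the relay and the phone number are placeholders.
FORWARDED_NOTICE = """\
Delivered-To: victim@example.net
Received: from groups.example-workspace.com (groups.example-workspace.com [192.0.2.10])
 by mx.example.net with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=paypal.com;
 dkim=pass header.d=paypal.com;
 dmarc=fail header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: billing-list@example-workspace.com
Subject: Your subscription has been cancelled
Content-Type: text/plain; charset="utf-8"

Your subscription was cancelled.
Customer service note: you were charged $749.99 for an order.
To cancel the order call PayPal at +1-555-010-0199 immediately.
"""

# Constructed sample 2: a notice delivered straight to the subscriber.
DIRECT_NOTICE = """\
Delivered-To: alice@example.net
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=paypal.com;
 dkim=pass header.d=paypal.com;
 dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: alice@example.net
Subject: Your subscription has been cancelled
Content-Type: text/plain; charset="utf-8"

Your subscription to Example Gym was cancelled at the merchant's request.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")
# Loose North American style phone pattern; enough for the lure in the sample.
PHONE = re.compile(r"\+?\d{0,2}[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def assess_notification(raw: str, mailbox: str) -> dict:
    """Score one raw RFC 5322 message that was delivered to `mailbox`."""
    msg = message_from_string(raw, policy=policy.default)

    # 1. Was this mailbox a visible recipient? A PayPal notice that names only
    #    a mailing-list address reached us through a forwarder.
    visible = [addr.lower() for _, addr in getaddresses(
        [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])])]
    recipient_in_to = mailbox.lower() in visible

    # 2. Collect the authentication verdicts recorded by our own MX. After
    #    list forwarding, SPF and DMARC typically fail even for real mail.
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    auth = dict(AUTH_RESULT.findall(re.sub(r"\s+", " ", results)))

    # 3. Look for the call-this-number lure in the plain-text body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    phone_numbers = [m.strip() for m in PHONE.findall(body)]

    # A notice that carries a phone number and either arrived via a forwarder
    # or did not pass DMARC (a missing verdict counts as not passing) is flagged.
    suspicious = bool(phone_numbers) and (
        not recipient_in_to or auth.get("dmarc") != "pass")
    return {
        "recipient_in_to": recipient_in_to,
        "auth": auth,
        "phone_numbers": phone_numbers,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for label, raw, box in (("forwarded", FORWARDED_NOTICE, "victim@example.net"),
                            ("direct", DIRECT_NOTICE, "alice@example.net")):
        print(label, assess_notification(raw, box))
```

The check deliberately trusts only the `Authentication-Results` header written by the receiving server (the `mx.example.net` authserv-id in the samples); headers of that name arriving from outside should be stripped or ignored by the MX. Note that DKIM still passes in the forwarded sample because a forwarder that leaves the body and signed headers intact does not break the signature, which is why the recipient-mismatch signal matters alongside the DMARC verdict.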
PayPal was informed of the abuse and confirmed that it is currently working on a fix:
“PayPal does not tolerate fraudulent activity and we work hard to protect our customers from ever-evolving phishing scams,” PayPal told BleepingComputer.
“We are actively mitigating this issue and encourage people to always be vigilant online and alert to unexpected messages. If customers suspect they are the target of a scam, we recommend contacting customer service directly through the PayPal app or our Contact page for assistance.”